<?php

//判断login.php传送的用户名密码是否匹配
function check_user()
{
	global $pdo,$tips;
	if (@ is_numeric($_POST['user'])==0)
	{
		$tips.='学号不合法!';
		return 0;
	} 
	$user=$_POST['user'];
	$sql='SELECT * FROM `user` WHERE id =? ';
	$result=$pdo->prepare($sql);
	$result->execute(array($user));
	if(!$row = $result->fetch())
	{
		$tips.='此学号未注册,请先注册!';
		return 0;
	}
	//var_dump($row);
	if (password_check($row['password'],$_POST['password']))
	{
		session_regenerate_id ();
	    $_SESSION['is_login']=1;
	    $_SESSION['nickname']=$row['nickname'];
	    $_SESSION['realname']=$row['realname'];
	    $_SESSION['permission']=$row['permission'];
	    $_SESSION['nickname']=$row['nickname'];
	    $_SESSION['email']=$row['nickname'];
	    $sql='UPDATE `jiaoshiguanlixitong`.`user` SET `lastlogintime` = NOW( ) ,`logincount` =`logincount`+1 WHERE `user`.`id` =? LIMIT 1 ';
	    $result=$pdo->prepare($sql);
		$result->execute(array($user));
		return 1;
	}
	$tips.='密码错误!';
	return 0;
}

function password_check($a,$b)
{
	//先使用明文密码,开发完成后改用hash
	echo ">>>$a  $b";
	if($a==$b) return 1;
	return 0;
}

?>